On Wed, 13 Oct 1999, Norman Yelle wrote:
>Subject: sshd does not like passphrase
>
>Hi all,
>
>It appears that sshd does not like to use a passphrase.
>
>When I use ssh-keygen with a passphrase, sshd fails to start with the
>following error:
>
># /public/bin/sshd -d
>debug: sshd version 1.2.26 [sparc-sun-solaris2.4]
>debug: Bad passphrase supplied for key file /etc/ssh_host_key.
>Could not load host key: /etc/ssh_host_key
>fatal: Please check that you have sufficient permissions and the file exists.
>
>The permission on the file is fine ...
>
># ls -l /etc/ssh_host*
>-rw------- 1 root other 526 Oct 13 15:16 /etc/ssh_host_key
>-rw-r--r-- 1 root other 330 Oct 13 15:16 /etc/ssh_host_key.pub
>
>and sshd did find the file and access it ...
>
># ls -alu /etc/ssh_h*
>-rw------- 1 root other 526 Oct 13 16:28 /etc/ssh_host_key
>-rw-r--r-- 1 root other 330 Oct 13 15:17 /etc/ssh_host_key.pub
>
>
>When I use ssh-keygen with a null passphrase, sshd starts without problems.
>
>What gives?
>
>Thanks,
>Norman.
>
Per SSH-Keygen man page, "host keys must have empty passphrase".
From manpage:
DESCRIPTION
[...]
Normally this program generates the key and asks for a file
in which to store the private key. The public key is stored
in a file with the same name but ".pub" appended. The program
also asks for a passphrase. The passphrase may be
empty to indicate no passphrase (host keys must have empty
passphrase), or it may be a string of arbitrary length.
Good passphrases are 10-30 characters long and are not simple
sentences or otherwise easily guessable (English prose
has only 1-2 bits of entropy per word, and provides very bad
passphrases). The passphrase can be changed later by using
the -p option.
[...]
KC
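
Added example, not part of the original thread or of the SSH distribution: a way to tell whether an SSH protocol 1 private key file such as /etc/ssh_host_key was saved with a passphrase, by reading its unencrypted header instead of waiting for sshd to refuse it. It assumes the SSH1 key file layout (magic string, NUL byte, one cipher-type byte where 0 means the private part is unencrypted, a reserved word, then the public part and comment); the function names and the sample bytes are constructed for illustration.

```python
import struct

MAGIC = b"SSH PRIVATE KEY FILE FORMAT 1.1\n\x00"
# Assumed SSH1 cipher numbers; 0 means the private part is stored unencrypted.
CIPHERS = {0: "none", 1: "idea", 2: "des", 3: "3des", 5: "arcfour", 6: "blowfish"}


def read_mpint(buf, off):
    """SSH1 multi-precision integer: 16-bit bit count, then ceil(bits/8) bytes."""
    (bits,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + (bits + 7) // 8
    if end > len(buf):
        raise ValueError("truncated mpint")
    return int.from_bytes(buf[off + 2:end], "big"), end


def inspect_ssh1_key(buf):
    """Return header facts for an SSH1 private key; no passphrase needed."""
    if not buf.startswith(MAGIC):
        raise ValueError("not an SSH1 private key file")
    off = len(MAGIC)
    # cipher type (1 byte), reserved (4 bytes), modulus size in bits (4 bytes)
    cipher, _reserved, bits = struct.unpack_from(">BII", buf, off)
    off += 9
    _n, off = read_mpint(buf, off)   # public modulus
    _e, off = read_mpint(buf, off)   # public exponent
    (clen,) = struct.unpack_from(">I", buf, off)
    comment = buf[off + 4:off + 4 + clen].decode("latin-1")
    return {
        "bits": bits,
        "cipher": CIPHERS.get(cipher, "unknown(%d)" % cipher),
        "comment": comment,
        # sshd starts unattended, so only an unencrypted key can be loaded
        "usable_as_host_key": cipher == 0,
    }


def build_sample(cipher):
    """Constructed header with a toy 16-bit modulus; not a real key."""
    def mp(v):
        return struct.pack(">H", v.bit_length()) + v.to_bytes((v.bit_length() + 7) // 8, "big")
    n, e, comment = 0xC5A1, 0x25, b"root@example"
    return (MAGIC + struct.pack(">BII", cipher, 0, n.bit_length()) + mp(n) + mp(e)
            + struct.pack(">I", len(comment)) + comment + b"\x00" * 16)


if __name__ == "__main__":
    for c in (0, 3):  # 0: empty passphrase, 3: passphrase-protected (3DES)
        print(inspect_ssh1_key(build_sample(c)))
```

On a real system the input would be the bytes of the host key file read as root; a result with `usable_as_host_key` false corresponds to the "Bad passphrase supplied for key file" failure shown in the question.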